cOndemned

40 exploits Active since Mar 2008
CVE-2008-3848 EXPLOITDB text WORKING POC
Z-Breaknews 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1509 EXPLOITDB perl WORKING POC
xlportal < 2.2.4 - SQL Injection via Query Parameter
SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter.
EIP-2026-112825 EXPLOITDB html WORKING POC
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges
CVE-2008-4740 EXPLOITDB text WORKING POC
TinyCMS 1.1.2 - Remote File Inclusion via ZZ_Templater config[template] Parameter
Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template] parameter.
CVE-2008-6919 EXPLOITDB php WORKING POC
TaskDriver < 1.3 - Unauthenticated Authentication Bypass via Auth Cookie
profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin."
CVE-2008-5217 EXPLOITDB html WORKING POC
txtCMS 0.3 - Path Traversal via ID Parameter
Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
EIP-2026-112403 EXPLOITDB text WORKING POC
SquareCMS 0.3.1 - 'post.php' SQL Injection
CVE-2009-0110 EXPLOITDB php WORKING POC
riotpix < 0.61 - SQL Injection via ForumID Parameter
SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2008-3588 EXPLOITDB text WORKING POC
phsblog 0.1.1 - SQL Injection via eid, cid, or urltitle Parameter
Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.
CVE-2008-3377 EXPLOITDB text WORKING POC
phpTest 0.6.3 - SQL Injection via image_id Parameter
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
CVE-2008-2501 EXPLOITDB text WORKING POC
PHPhotoalbum 0.5 - SQL Injection via Album or PID Parameter
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
EIP-2026-110615 EXPLOITDB text WORKING POC
PhotoDiary 1.3 - 'lng' Local File Inclusion
EIP-2026-110414 EXPLOITDB text WORKING POC
OvBB 0.16a - Multiple Local File Inclusions
CVE-2009-1509 EXPLOITDB text WORKING POC
MyioSoft AjaxPortal 3.0 - SQL Injection via Page Parameter
SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-5604 EXPLOITDB text WORKING POC
My Simple Forum <4.1 - Path Traversal
Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
CVE-2008-6330 EXPLOITDB php WORKING POC
MyTopix < 1.3.0 - Authenticated SQL Injection via Notes Action Send Parameter
SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action.
CVE-2008-2477 EXPLOITDB text WORKING POC
MxBB Portal 2.7.3 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
EIP-2026-109220 EXPLOITDB text WORKING POC
LoveCMS 1.6.2 Final - Multiple Local File Inclusions
CVE-2008-4913 EXPLOITDB text WORKING POC
LokiCMS <= 0.3.3 - Unauthenticated Arbitrary File Deletion via Admin.php Delete Parameter
Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
CVE-2008-7062 EXPLOITDB text WORKING POC
LoveCMS 1.6.2 Final - Unauthenticated Arbitrary File Upload via Download Manager
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
CVE-2008-5308 EXPLOITDB php WORKING POC
LoveCMS The Simple Forum 3.1d - Unauthenticated Administrator Password Change via Direct Request
The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php.
CVE-2008-5794 EXPLOITDB text WORKING POC
LoveCMS 1.6.2 Final - Path Traversal
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
CVE-2008-5594 EXPLOITDB text WORKING POC
Mini Blog 1.0.1 - Path Traversal via Page and Admin Parameters
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
CVE-2008-5593 EXPLOITDB text WORKING POC
Mini CMS 1.0.1 - Remote File Inclusion via Page and Admin Parameters
Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
CVE-2009-1853 EXPLOITDB text WORKING POC
Kensei Board < 2.0.0b - SQL Injection via f and t Parameters
Multiple SQL injection vulnerabilities in index.php in Kensei Board 2.0 BETA (aka 2.0.0b) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) f and (2) t parameters in a showforum action.